Spring Boot: I get the login page instead of a direct API call when passing the access token as Bearer with Spring Boot OAuth2
Tags: spring-boot, oauth-2.0, spring-security-oauth2

I have implemented OAuth2 security with Spring Boot and successfully obtained the corresponding access token. But when I call the API with the /admin URL, I get the login form instead of a direct call to the API.

Using Postman, I provided all the details for the oauth/authorize and oauth/token requests, such as client id, secret, redirect URL and scope. The first time I get the login form, then on login Postman provides the code and state, and with these values I can request oauth/token and get the access_token.

Logs when I request the API:
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token']
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/oauth/token'
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/token_key']
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/oauth/token_key'
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/oauth/check_token']
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/oauth/check_token'
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-09-04 20:29:25.987 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 1 of 14 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2020-09-04 20:29:25.992 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 2 of 14 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2020-09-04 20:29:25.992 DEBUG 20123 --- [nio-8081-exec-4] w.c.HttpSessionSecurityContextRepository : No HttpSession currently exists
2020-09-04 20:29:25.995 DEBUG 20123 --- [nio-8081-exec-4] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: null. A new one will be created.
2020-09-04 20:29:25.995 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 3 of 14 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2020-09-04 20:29:25.995 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 4 of 14 in additional filter chain; firing Filter: 'CorsFilter'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', GET]
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/logout'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', POST]
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /admin/api/getData' doesn't match 'POST /logout'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', PUT]
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /admin/api/getData' doesn't match 'PUT /logout'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : Trying to match using Ant [pattern='/logout', DELETE]
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /admin/api/getData' doesn't match 'DELETE /logout'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.web.util.matcher.OrRequestMatcher : No matches found
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /admin/api/getData' doesn't match 'POST /login'
2020-09-04 20:29:25.996 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 8 of 14 in additional filter chain; firing Filter: 'DefaultLogoutPageGeneratingFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/logout'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 9 of 14 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 10 of 14 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 11 of 14 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@69f5a0ef: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 12 of 14 in additional filter chain; firing Filter: 'SessionManagementFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 13 of 14 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2020-09-04 20:29:25.997 DEBUG 20123 --- [nio-8081-exec-4] o.s.security.web.FilterChainProxy : /admin/api/getData at position 14 of 14 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2020-09-04 20:29:25.998 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/admin/api/getData'; against '/admin/**'
2020-09-04 20:29:25.998 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /admin/api/getData; Attributes: [hasAnyRole('ROLE_ADMIN')]
2020-09-04 20:29:25.998 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@69f5a0ef: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2020-09-04 20:29:25.999 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@4ce4c2b9, returned: -1
2020-09-04 20:29:26.001 DEBUG 20123 --- [nio-8081-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
I have provided my configuration below. I want to call the API directly with the access token.

Configuration for WebSecurityConfigurerAdapter
@Configuration
@EnableWebSecurity
@Order(1)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Bean(name = "myAuthenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("abc").password(passwordEncoder.encode("abc")).roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        http.authorizeRequests().antMatchers("/admin/**").hasAnyRole("ADMIN").anyRequest().authenticated().and()
                .formLogin();
    }
}
Configuration for ResourceServerConfigurerAdapter
@Configuration
@EnableResourceServer
public class ResourceServer extends ResourceServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.cors().and().csrf().disable();
        http.authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS, "/oauth/authorize", "/login", "/oauth/token", "/oauth/logout")
                .permitAll();
        http.formLogin().permitAll().and().logout().permitAll();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("resource_id").tokenStore(tokenStore).stateless(false);
    }
}
Configuration for AuthorizationServerConfigurerAdapter
@Configuration
@EnableAuthorizationServer
public class OAuth2Server extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private TokenStore tokenStore;

    @Autowired
    public AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.authenticationManager(authenticationManager).tokenStore(tokenStore);
    }

    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.inMemory().withClient("client").secret(passwordEncoder.encode("secret"))
                .authorizedGrantTypes("authorization_code", "password", "refresh_token").authorities("ADMIN")
                .scopes("read", "write", "trust").resourceIds("resource_id")
                .redirectUris("https://oauth.pstmn.io/v1/callback").accessTokenValiditySeconds(50000)
                .refreshTokenValiditySeconds(50000).autoApprove(true);
    }

    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
        security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }
}
Controller class
@RestController
@RequestMapping("/admin/api")
public class LeadController {

    @GetMapping("/getData")
    public ResponseEntity<String> getData() throws Exception {
        return ResponseEntity.ok("success");
    }
}
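Why do I get the login page again after obtaining the access token and passing it in the request header, like

Bearer response_access_token

Please guide me on what to change in the flow so that the API call succeeds.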
Thanks in advance.

This may be related to CORS. If you are using Postman, your request will not come from the correct domain.
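
The debug log in the question shows `/admin/api/getData` passing through a 14-filter chain that contains `UsernamePasswordAuthenticationFilter` and `DefaultLoginPageGeneratingFilter` but no `OAuth2AuthenticationProcessingFilter`: the `@Order(1)` form-login chain, which has no `requestMatchers()` and so matches every request, handles the call before the resource-server chain can read the bearer token. The following is an added example, not code from the question or from the Spring project, of one way to scope the two chains so `/admin/**` is authenticated by token; it assumes the legacy spring-security-oauth2 library used on the page and `PasswordEncoder` and `TokenStore` beans defined elsewhere.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;

// Browser-facing chain: session + form login, needed only for the
// authorization_code step (/oauth/authorize redirects to /login).
@Configuration
@EnableWebSecurity
@Order(1)
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private PasswordEncoder passwordEncoder; // assumption: bean defined elsewhere

    @Bean(name = "myAuthenticationManager")
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("abc").password(passwordEncoder.encode("abc")).roles("ADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Restrict this chain to the two interactive endpoints. Without
        // requestMatchers() it would match /admin/** as well and win on order.
        http.requestMatchers().antMatchers("/login", "/oauth/authorize")
            .and().authorizeRequests().anyRequest().authenticated()
            .and().formLogin().permitAll();
    }
}

// Token-facing chain: /admin/** is authenticated from the
// Authorization: Bearer header, never by redirecting to a login form.
@Configuration
@EnableResourceServer
class ResourceServer extends ResourceServerConfigurerAdapter {
    @Autowired
    private TokenStore tokenStore; // assumption: bean defined elsewhere

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.resourceId("resource_id").tokenStore(tokenStore).stateless(false);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // The role rule moves here from WebSecurityConfig; no formLogin() on this chain.
        http.requestMatchers().antMatchers("/admin/**")
            .and().authorizeRequests().antMatchers("/admin/**").hasAnyRole("ADMIN");
    }
}
```

With this split, the same debug logging should list `OAuth2AuthenticationProcessingFilter` in the chain that handles `/admin/api/getData`, and a missing or invalid token yields a 401 response rather than a redirect to the login page.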